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LISTING OF CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (Currently Amended) A method for inserting a new access rule into an access 
control list for enforcing policies and permissions for controlling access to various 
network resources, the list configured to contain independent rule blocks having ordered 
access rules, the method comprising: 

if the list is empty, creating a new independent rule block and inserting the new 
access rule therein; 

if the list is not empty, creating from the list a set of mapped independent rule 

blocks; 

for each block in the set, attempting to determine a position for the new access 

rule; 

removing from the set those blocks for which a position cannot be determined; and 
merging the blocks in the set to form a new independent rule block and inserting 

the new access rule therein 

and applying the access rules in the list to enforce policies and permissions to 

control access to various network resources . 

2. (Original) The method of claim 1 wherein creating from the list a set of mapped 
independent rule blocks comprises selecting all blocks in the list having at least one rule 
that is not disjoint with the new access rule. 

3. (Original) The method of claim 1 wherein attempting to determine a position 
for the new access rule comprises: 

comparing each existing rule in the rule block to the new access rule; and 
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if all existing rules have been compared against the new access rule and no 
determination has been made, and if the new access rule is not disjoint with at least one 
existing rule in the rule block, determining a position for the new access rule that is at the 
end of the block, otherwise, determining that there is no position for the new rule in the 
rule block. 

4. (Original) The method of claim 3 wherein comparing each existing rule in the 
rule block to the new access rule comprises: 

if the two rules are disjoint, continuing to the next comparison; 

if the new access rule is a subset of the existing rule and the two rules perform the 
same action, determining that there is no position in the block for the new access rule; 

if the new access rule is a subset of the existing rule and the two rules do not 
perform the same action, resolving the conflict between the new access rule and the 
existing rule; 

if the existing rule is a subset of the new access rule and the two rules perform the 
same action, determining a position for the new access rule that is in the place of the 
existing rule and removing the existing rule from the block; 

if the existing rule is a subset of the new access rule and the two rules do not 
perform the same action, resolving the conflict; 

if the new access rule and the existing rule are not disjoint, neither is a subset of 
the other, and the two rules have the same action, continuing to the next comparison; and 

if the new access rule and the existing rule are not disjoint, neither is a subset of 
the other, and the two rules do not have the same action, resolving the conflict. 

5. (Original) The method of claim 4 wherein resolving the conflict if the new 
access rule is a subset of the existing rule and the two rules do not perform the same 
action further comprises: 
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if the new access rule takes priority, determining a position for the new access rule 
that is immediately before the existing rule; and 

if the existing rule takes priority, removing the block from the set of mapped 
independent rule blocks. 

6. (Original) The method of claim 4 wherein resolving the conflict if the existing 
rule is a subset of the new access rule and the two rules do not perform the same action 
further comprises: 

if the new access rule takes priority, determining a position for the new access rule 
that is in the place of the existing rule and removing the existing rule from the block; and 

if the existing rule takes priority, designating a position in the block for the new 
access rule that is immediately behind the existing rule. 

7. (Original) The method of claim 4 wherein resolving the conflict if the new 
access rule and the existing rule are not disjoint, neither is a subset of the other, and the 
two rules do not have the same action further comprises: 

if the new access rule takes priority, placing the new access rule in a position 
occupied by the existing rule; and 

if the existing rule takes priority, continuing to the next comparison. 

8. (Original) The method of claim 4 wherein resolving the conflict comprises 
establishing a priority based on predefined rules. 

9. (Original) The method of claim 4 wherein resolving the conflict comprises 
establishing a priority based on user input. 

10. (Original) The method of claim 1 wherein merging the blocks in the set to form 
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a new independent rule block and inserting the new access rule therein comprises: 

placing all rules from every block in the set which are positioned ahead of the new 

access rule in front of the new access rule in the new block; and 

placing all rules from every block in the set which are positioned after the new 

access rule behind the new access rule in the new block. 

11. (Original) The method of claim 1 further comprising removing an existing 
rule, wherein the removing includes: 

searching for the existing rule to be removed based on an identification number 
associated with the existing rule; and 
removing the rule. 

12. (Currently Amended) A computer system comprising: 

a rule base containing an access control list configured to hold independent rule 
blocks having ordered access rules , the rules for enforcing policies and permissions for 
controlling access to various network resources; 

a rule enforcing engine for enforcing the rules in the access control list to control 
access to various network resources; and 

a rule insertion engine configured to execute instructions for inserting a new access 
rule into the access control list, the instructions comprising: 

if the access control list is empty, creating a new independent rule block and 
inserting the new access rule therein; and 

if the access control list is not empty, creating from the access control list a 
set of mapped independent rule blocks; 

if the set is empty, creating a new independent rule block and inserting the 
new access rule therein; and 

merging the blocks in a subset of the set comprising those blocks for which 
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a position for the new access rule can be determined, and inserting the new access rule 
therein. 

13. (Original) The system of claim 12 wherein creating a set of mapped 
independent rule blocks comprises evaluating each independent rule block in the access 
control list and determining whether there is an existing access rule in the independent 
rule block that is not disjoint with the new access rule. 

14. (Original) The system of claim 12 wherein determining a position for the new 
access rule comprises: 

comparing each existing rule in the independent rule block to the new access rule; 

and 

if all existing rules have been compared against the new access rule and no 
position has been determined, designating a position for the new access rule that is at the 
end of the block. 

15. (Original) The system of claim 14 wherein comparing each existing rule in the 
independent rule block to the new access rule comprises: 

if the two rules are disjoint, continuing to the next comparison; 

if the new access rule is a subset of the existing rule and the two rules perform the 
same action, determining that there is no position in the block for the new access rule; 

if the new access rule is a subset of the existing rule and the two rules do not 
perform the same action, determining a priority between the new access rule and the 
existing rule; 

if the existing rule is a subset of the new access rule and the two rules perform the 
same action, determining a position for the new access rule that is in the place of the 
existing rule and removing the existing rule from the block; 
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if the existing rule is a subset of the new access rule and the two rules do not 
perform the same action, determining a priority between the existing rule and the new 
access rule; 

if the new access rule and the existing rule are not disjoint, neither is a subset of 
the other, and both have the same action, continuing to the next comparison; and 

if the new access rule and the existing rule are not disjoint, neither is a subset of 
the other, and the two rules do not have the same action, determining a priority between 
the existing rule and the new access rule. 

16. (Original) The system of claim 15 wherein determining a priority comprises 
the use of predetermined rules. 

17. (Original) The system of claim 15 wherein determining a priority comprises 
accepting user input to determine priority. 

18. (Original) The system of claim 12 wherein removing the rule comprises 
searching for the rule to be removed based on an identification number associated with 
the rule and removing the rule. 

19. (Original) The system of claim 12 wherein merging the blocks in a subset 
comprises: 

placing all rules from every block in the subset which have a position ahead of the 
rule being inserted in front of the new access rule in the new block; and 

placing all rules from every block in the subset which have a position after the new 
access rule being inserted behind the new access rule in the new block. 

20. (Currently Amended) A computer readable medium comprising computer 
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executable instructions for inserting a new access rule into an access control list 
containing independent rule blocks having ordered access rules for enforcing policies and 
permissions for controlling access to various network resources, the instructions 
comprising: 

creating a new independent rule block and inserting the rule therein if the list is 
empty; 

creating from the list a set of mapped independent rule blocks if the list is not 
empty; 

determining a position for the new access rule for each block in the set and 
removing from the set those blocks for which a position cannot be determined; and 

merging the blocks in the set to form a new independent rule block and inserting 
the rule therei n; and 

applying the rules to enforce policies and permissions regarding access to various 
network resources . 

21. (Original) The computer readable medium of claim 20 wherein creating the set 
of mapped independent rule blocks includes selecting all blocks in the list having at least 
one rule that is not disjoint with the new access rule. 

22. (Original) The computer readable medium of claim 20 wherein determining a 
position for the new access rule includes comparing each existing rule in the rule block to 
the new access rule and, for each comparison: 

if the two rules are disjoint, continuing to the next comparison; 

if the new access rule is a subset of the existing rule and the two rules perform the 
same action, determining that there is no position in the block for the new access rule; 

if the new access rule is a subset of the existing rule and the two rules do not 
perform the same action, resolving the conflict between the new access rule and the 
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existing rule, and if the new access rule takes priority, assigning a position of the existing 
rule to the new access rule, and if the existing rule takes priority, not assigning a position 
to the new access rule; 

if the existing rule is a subset of the new access rule and the two rules perform the 
same action, assigning a position of the existing rule to the new access rule; 

if the existing rule is a subset of the new access rule and the two rules do not 
perform the same action, determining which of the new access and existing rules has 
priority and, if the new access rule takes priority, assigning a position of the existing rule 
to the new access rule, and if the existing rule takes priority, assigning a position in the 
block for the new access rule that is immediately behind the existing rule; 

if the new access rule and the existing rule are not disjoint, neither is a subset of 
the other, and the two rules do not have the same action, determining which of the new 
access and existing rules has priority and, if the new access rule takes priority, assigning a 
position of the existing rule to the new access rule; and 

if all existing rules have been compared against the new access rule and no 
determination has been made, determining a position for the new access rule that is at the 
end of the block. 

23. (Original) The computer readable medium of claim 21 wherein determining 
which of the new access and existing rules has priority is based at least partly on user 
determined criteria. 

24. (Original) The computer readable medium of claim 20 wherein merging the 
blocks in the set to form a new independent rule block and inserting the rule therein 
comprises: 

placing all rules from every block in the set which have a position ahead of the rule 
being inserted in front of the new access rule in the new block; and 
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placing all rules from every set which placed after the rule being inserted behind 
the new access rule in the new block. 

25. (Original) The computer readable medium of claim 20 wherein removing the 
rule comprises searching for the rule in the list based on a unique identification number 
and removing the rule. 
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